Rockwell Automation Lifecycle Services with VMware

Back to Archive

Source

CISA_ICS

Published

7-31-2025

CVE IDs

CVE-2025-41236 CVE-2025-41237 CVE-2025-41238 CVE-2025-41239

Affected Products

Engineered and Integrated Solutions with VMware, VersaVirtual Appliance (VVA) with VMware, Industrial Data Center (IDC) with VMware, Threat Detection Managed Services (TDMS) with VMware, Endpoint Protection Service with Rockwell Automation Proxy & VMware only

Summary

Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02https://www.cve.org/CVERecord?id=CVE-2025-41236https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:Hhttps://www.cve.org/CVERecord?id=CVE-2025-41237https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:Hhttps://www.cve.org/CVERecord?id=CVE-2025-41238https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:Hhttps://www.cve.org/CVERecord?id=CVE-2025-41239https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N